mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-10-10 02:38:10 +02:00
Kevin Veen-Birkenbach
ca52dcda43
- Add CPU, memory and PID limits to all services in config/main.yml to prevent OOM - Replace old LDAP admin bootstrap with new 02_admin.yml using OPENPROJECT_ADMINISTRATOR_* vars - Standardize variable names (uppercase convention) - Fix HTTPS/HSTS port check (443 instead of 433) - Allow docker_restart_policy override in base.yml.j2 - Cleanup redundant LDAP admin runner in 01_ldap.yml See: https://chatgpt.com/share/68d40c6e-ab9c-800f-a4a0-d9338d8c1b32
80 lines
3.3 KiB
YAML
80 lines
3.3 KiB
YAML
- name: Load LDAP configuration variables
|
|
include_vars:
|
|
file: "ldap.yml"
|
|
|
|
- name: Check if LDAP source exists
|
|
community.postgresql.postgresql_query:
|
|
db: "{{ database_name }}"
|
|
login_user: "{{ database_username }}"
|
|
login_password: "{{ database_password }}"
|
|
login_host: "127.0.0.1"
|
|
login_port: "{{ database_port }}"
|
|
query: "SELECT id FROM ldap_auth_sources WHERE name = '{{ openproject_ldap.name }}' LIMIT 1;"
|
|
register: ldap_check
|
|
|
|
- name: Update existing LDAP auth source
|
|
community.postgresql.postgresql_query:
|
|
db: "{{ database_name }}"
|
|
login_user: "{{ database_username }}"
|
|
login_password: "{{ database_password }}"
|
|
login_host: "127.0.0.1"
|
|
login_port: "{{ database_port }}"
|
|
query: >
|
|
UPDATE ldap_auth_sources SET
|
|
host = '{{ openproject_ldap.host }}',
|
|
port = {{ openproject_ldap.port }},
|
|
account = '{{ openproject_ldap.account }}',
|
|
account_password = '{{ openproject_ldap.account_password }}',
|
|
base_dn = '{{ openproject_ldap.base_dn }}',
|
|
attr_login = '{{ openproject_ldap.attr_login }}',
|
|
attr_firstname = '{{ openproject_ldap.attr_firstname }}',
|
|
attr_lastname = '{{ openproject_ldap.attr_lastname }}',
|
|
attr_mail = '{{ openproject_ldap.attr_mail }}',
|
|
onthefly_register = {{ openproject_ldap.onthefly_register }},
|
|
attr_admin = '{{ openproject_ldap.attr_admin }}',
|
|
updated_at = NOW(),
|
|
tls_mode = {{ openproject_ldap.tls_mode }},
|
|
filter_string = '{{ openproject_ldap.filter_string }}',
|
|
verify_peer = {{ openproject_ldap.verify_peer }},
|
|
tls_certificate_string = '{{ openproject_ldap.tls_certificate_string }}'
|
|
WHERE name = '{{ openproject_ldap.name }}';
|
|
when: ldap_check.query_result | length > 0
|
|
async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
|
|
poll: "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
|
|
|
|
- name: Create new LDAP auth source
|
|
community.postgresql.postgresql_query:
|
|
db: "{{ database_name }}"
|
|
login_user: "{{ database_username }}"
|
|
login_password: "{{ database_password }}"
|
|
login_host: "127.0.0.1"
|
|
login_port: "{{ database_port }}"
|
|
query: >
|
|
INSERT INTO ldap_auth_sources
|
|
(name, host, port, account, account_password, base_dn, attr_login,
|
|
attr_firstname, attr_lastname, attr_mail, onthefly_register, attr_admin,
|
|
created_at, updated_at, tls_mode, filter_string, verify_peer, tls_certificate_string)
|
|
VALUES (
|
|
'{{ openproject_ldap.name }}',
|
|
'{{ openproject_ldap.host }}',
|
|
{{ openproject_ldap.port }},
|
|
'{{ openproject_ldap.account }}',
|
|
'{{ openproject_ldap.account_password }}',
|
|
'{{ openproject_ldap.base_dn }}',
|
|
'{{ openproject_ldap.attr_login }}',
|
|
'{{ openproject_ldap.attr_firstname }}',
|
|
'{{ openproject_ldap.attr_lastname }}',
|
|
'{{ openproject_ldap.attr_mail }}',
|
|
{{ openproject_ldap.onthefly_register }},
|
|
'{{ openproject_ldap.attr_admin }}',
|
|
NOW(),
|
|
NOW(),
|
|
{{ openproject_ldap.tls_mode }},
|
|
'{{ openproject_ldap.filter_string }}',
|
|
{{ openproject_ldap.verify_peer }},
|
|
'{{ openproject_ldap.tls_certificate_string }}'
|
|
);
|
|
when: ldap_check.query_result | length == 0
|
|
async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
|
|
poll: "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
|